add Terraform + Ansible infrastructure for GCP deployment

Provisions e2-micro VM (us-east1-b, free tier) with static IP, SSH and web firewall rules, Docker + Caddy startup script, and IAM bindings for Firestore and GCS access via ADC. Imports existing drb-calls bucket and c2-server Firestore database into state. Ansible roles handle first-time setup (swap, docker group) and all subsequent deploys via rsync + docker compose, with secrets managed via Ansible Vault. DNS stays on AWS Route 53.
2026-06-22 02:03:36 -04:00
parent 4295bdf4d2
commit 33700448bf
17 changed files with 461 additions and 25 deletions
@@ -0,0 +1,73 @@
+---
+# Full first-time setup: waits for the VM's startup.sh to finish installing
+# Docker, then deploys the stack.  Safe to re-run — all tasks are idempotent.
+#
+# Usage:
+#   ansible-playbook -i inventory.ini site.yml --ask-vault-pass
+
+- name: Bootstrap + deploy DRB server
+  hosts: drb
+  become: true
+  vars_files:
+    - vault.yml
+
+  pre_tasks:
+    - name: Wait for Docker (startup.sh runs async on first boot)
+      command: docker info
+      register: _docker
+      until: _docker.rc == 0
+      retries: 30
+      delay: 10
+      changed_when: false
+
+    - name: Create 2 GB swap file
+      command: fallocate -l 2G /swapfile
+      args:
+        creates: /swapfile
+
+    - name: Set swap file permissions
+      file:
+        path: /swapfile
+        mode: "0600"
+
+    - name: Format swap file
+      command: mkswap /swapfile
+      register: _mkswap
+      changed_when: _mkswap.rc == 0
+
+    - name: Enable swap
+      command: swapon /swapfile
+      register: _swapon
+      failed_when: _swapon.rc != 0 and 'already' not in _swapon.stderr
+      changed_when: _swapon.rc == 0
+
+    - name: Persist swap in fstab
+      lineinfile:
+        path: /etc/fstab
+        line: "/swapfile none swap sw 0 0"
+        state: present
+
+    - name: Set swappiness to 10 (use swap only under pressure)
+      sysctl:
+        name: vm.swappiness
+        value: "10"
+        sysctl_set: true
+        state: present
+        reload: true
+
+    - name: Add deploy user to docker group
+      user:
+        name: "{{ ssh_user }}"
+        groups: docker
+        append: true
+
+    - name: Create app directory
+      file:
+        path: "{{ app_dir }}"
+        state: directory
+        owner: "{{ ssh_user }}"
+        group: "{{ ssh_user }}"
+        mode: "0755"
+
+  roles:
+    - deploy